(aws-cdk-lib/aws-ec2): Misleading error "There are no <SubnetType> subnet groups in this VPC. Available types:" when no availability zones are provided #32451
Comments
gravitylow
added
bug
github-actions
bot
added
the
@aws-cdk/aws-ec2
khushail
added
needs-reproduction
khushail
added
investigating
|
Hi @gravitylow , thanks for reporting this issue. I tried to repro this with slightly modifying the code initially to see whether the subnets are created , with not mentioning availability zones at all and here is my result - code - new ec2.Vpc(this, 'VPC', {
vpcName: 'Test VPC',
ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'),
defaultInstanceTenancy: ec2.DefaultInstanceTenancy.DEFAULT,
enableDnsHostnames: true,
enableDnsSupport: true,
subnetConfiguration: [
{
cidrMask: 24,
name: 'public',
subnetType: SubnetType.PUBLIC,
},
{
cidrMask: 24,
name: 'private',
subnetType: SubnetType.PRIVATE_WITH_EGRESS,
},
],
gatewayEndpoints: {
S3: {
service: ec2.GatewayVpcEndpointAwsService.S3,
subnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }, { subnetType: ec2.SubnetType.PUBLIC }],
},
},
});and the console shows all subnets created - 
while if I include the 
On deep-diving the code, I see that in the CDK Docs , its mentioned for So I agree it should be checked in the code if empty array is provided. Thanks for raising this issue. I am marking this as P2 as we have a workaround to not mention it at all or mention with regions ..but it would be good to have this check at first place. Marking it as P2 means it won't be immediately addressed by the team but would be on their radar and contributions from community are welcome as well as from the team. Hope that helps! |
khushail
added
p2
effort/small
|
Thanks very much @khushail. Since this is a relatively small issue and you agree with the proposed solution I think I will take a stab at adding that check when I get some time. |
Describe the bug
When one uses the
ec2.Vpcconstruct and supplies an empty list ofavailabilityZones, this results in no subnets actually being created in the VPC due to the loop here. If one then tries to create a VPC Endpoint or NAT Gateway in one of the VPCs they have configured, they will get an error such asThere are no 'Private' subnet groups in this VPC. Available types:, which can be a bit confusing since there were private subnets configured (but they didn't end up being created).Regression Issue
Last Known Working CDK Version
No response
Expected Behavior
When someone provides an empty availabilityZones list along with a subnet configuration, this should probably result in an error being thrown since this is a nonsensical configuration, which may lead to either missing subnets or misleading errors in further infra configuration down the line.
Current Behavior
The nonsensical configuration is silently accepted and leads to CDK not acting on the customer's configured subnets, or a different misleading error when later trying to create things in one of these subnets.
Reproduction Steps
The following VPC construct reproduces the error:
In this case providing
availabilityZones: [],is explicit and is a clear bug, but the issue is not caught at that point in the construct initialization. Rather it is raised later when trying to create the requested S3 gateway endpoint.In reality, the code which this example was extracted from retrieves the availability zones to use dynamically, which obscures the real issue from being this obvious.
Possible Solution
Add validation to throw an error when a
Vpcis initialized with an emptyavailabilityZoneslistAdditional Information/Context
No response
CDK CLI Version
2.171.1 (build a95560c)
Framework Version
No response
Node.js Version
18.x
OS
MacOS Sonoma 14.7 (23H124)
Language
TypeScript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: